sossie
New Contributor

Bulk create local guest users and sync between multiple fortigates

Hi all,

 

I'm using a FortiGate 100F with captive portal for a guest Wi-Fi, and it works OK. We are not using FortiAPs, so I can't use all the captive portal features available with FortiAPs.

I now have a 2nd site which also has a FortiGate firewall and guest Wi-Fi, so what I would like to do is sync the guest users between the two FortiGates.

 

So I would like to know, can I somehow export the local users from Fortigate1 and import them into Fortigate2 including the password?

 

Anyone know how I can do that with a script or API?

 

Cheers, Simon

sw2090
Honored Contributor

You could exec an ssh session that executes "show user local" on the 100F. This outputs the complete part of the config that has all users that exist locally on that FGT.

Then you could exec an ssh session on the Site 2 FGT and execute this as a config script (it just has to exec all commands that "show user local" outputted, top down).

You could do this programmatically of course. Then you just need to set up some scheduling to exec this regularly.

The only other ways I know would be to use a FortiManager and either have both FGTs use the same policy package (then they also share the users) or have the users in the global db and assign that to the ADOM your FGTs are in. But I guess in your case that'd be overkill...

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

sw2090
Honored Contributor

[strike]btw I just see the output of "show user local" is missing the last "end".[/strike]

[strike]It should be added to close user config mode after adding the last user.[/strike]


Incorrect, because I hit Ctrl-C instead of letting the output finish.

Maybe doing this using scp (then you have to enable admin-scp on the FGTs) is even the better plan.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
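
The replies above describe capturing "show user local" from one FortiGate and replaying it on the other, and note that an interrupted capture lacks its final "end". The following is an added example, not code from either poster or from Fortinet: a pre-flight check that refuses to replay a truncated or unexpected capture. The function name and the sample capture are constructed, and it assumes prompt and banner lines have already been stripped from the captured text.

```python
import re

# Constructed sample of "show user local" output (placeholder names and hashes).
COMPLETE = """config user local
    edit "guest01"
        set type password
        set passwd ENC <placeholder-1>
    next
    edit "guest02"
        set type password
        set passwd ENC <placeholder-2>
    next
end
"""
# The same capture cut off before it finished (e.g. the session was interrupted).
TRUNCATED = COMPLETE.rsplit("    next", 1)[0]

def validate_user_local(capture):
    """Return the user names found in a complete 'config user local' block.

    Raises ValueError when the capture is truncated or contains commands
    outside that block, so only the intended user config is ever replayed.
    """
    lines = [l.strip() for l in capture.splitlines() if l.strip()]
    if not lines or lines[0] != "config user local":
        raise ValueError("capture does not start with 'config user local'")
    if lines[-1] != "end":
        raise ValueError("capture is truncated: final 'end' is missing")
    users, current = [], None
    for line in lines[1:-1]:
        m = re.fullmatch(r'edit "([^"]+)"', line)
        if m:
            if current is not None:
                raise ValueError(f"user {current!r} has no closing 'next'")
            current = m.group(1)
        elif line == "next":
            if current is None:
                raise ValueError("'next' without a preceding 'edit'")
            users.append(current)
            current = None
        elif current is None or not line.startswith(("set ", "unset ")):
            raise ValueError(f"unexpected line outside a user entry: {line!r}")
    if current is not None:
        raise ValueError(f"user {current!r} has no closing 'next'")
    return users
```

The capture carries every guest user's `set passwd ENC` value, so store it with owner-only permissions and delete it once the second FortiGate has been updated.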
